(19) 




(12) 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



(43) Date of publication: 

04.12.1996 Bulletin 1996/49 



(n) EP 0 745 924 A2 

EUROPEAN PATENT APPLICATION 

(51) Int CI. 6 : G06F 1/00 



(21) Application number: 96303612.4 

(22) Date of filing: 21.05.1996 



(84) Designated Contracting States: 


• Primatic, Agesino 


DE FR GB 


Frenchtown, New Jersey 08825 (US) 




• Kowalski, Thaddeus Julius 


(30) Priority 31.05.1995 US 455614 


Summit, New Jersey 07901 (US) 


(71) Applicant: AT&T Corp. 


(74) Representative: Johnston, Kenneth Graham et al 


New York, NY 10013-2412 (US) 


Lucent Technologies (UK) Ltd, 


(72) Inventors: 


5 Mornington Road 


Woodford Green Essex, IG8 OTU (GB) 


• Ensor, Myra L. 


Summit. New Jersey 07901 (US) 





(54) User-transparent security method and apparatus for authenticating user terminal access to 
a network 



CM 
< 

CM 

in 
o 

Q_ 
LU 



(57) The present invention provides a password au- 
thentication security system for a telecommunications 
network ( 1 00) having a plurality of user terminals or sub- 
scriber stations (110i communicably coupled to the net- 
work (100) The system comprises a network control or 
service center (108) coupled to the subscriber stations 
(110). to service provider stations (102) and to network 
databases (104. 106) via the network (100). Upon es- 
tablishment of a communication with a subscriber sta- 
tion (110). a network coupling identifier comprising in 
one embodiment the telephone number of the line to 
which the subscriber station (110) is connected is de- 
tected at a telephone switching office (120) and trans- 
mitted to the control center (108). If this is the first time 
communications have been established between the 
subscriber station (110) and the network (100), the re- 
ceived telephone number is encrypted to produce a se- 
cret password that is then automatically transmitted to 
the subscriber station (110) lor storage in memory (126). 
Upon subsequent communications, the telephone 
number is again received by the control center (108) 
where it is encrypted to produce a second password. 
The first password is then automatically retrieved from 
memory (126) of the subscriber station (110) independ- 
ent of user interaction. The two passwords are com- 
pared, and the network control center (108) causes the 
incoming call from the subscriber station (1 1 0) to be con- 
nected to a network service provider station ( 1 02) , a net- 
work database (104, 106). a network output device or 
the like if the passwords are at least similar. If the two 
passwords are not at least similar, the control center 
(108) causes the incoming call of the subscriber station 



(110) to be disconnected, thereby terminating the sub- 
scriber station's access to the network (100). 



FIG, 1 



r 



102 




104 


! SERVICE 
■PROVIDERS 




EXTERNAL! 
DATA 
FEEDS 


1 




1 


TOECOUMUNCATIONS 



r 



103^- SERVICE BUREAU 



! DATABASES ~~> 112 




H TRANSACTION j 


ENCRYPTER/ 


^116 


1 MANAGES r*" 


OECRYPTER 






howe "subscriber statT6n~/i — I 



j MICROPROCESSOR | 


130, 


{MEMORY! 


« 



110 

'SUBWl§E*TTA7^ 

d» j 

MICROPRCCCSSOR 



INPUT 
DEVICE 



OUTPUT 
DEVICE 



INPUT 
DEVICE 



{MEMORTl 



OUTRjrl 
DEVICE I 



Printed by Jouve, 75001 PARIS (FR) 



CID: <EP 0745924A2_I_> 



3 



EP 0 745 924 A2 



4 



other encrypted password using the subscriber's cur- 
rently detected network coupling identifier and the same 
network encryption key. The control center then uploads 
the encrypted password previously stored in memory of 
the user terminal and compares the two passwords. If 
they match, this signifies that the same user terminal is 
requesting access from the same network coupling, and 
security is maintained independently of any user inter- 
action. If the two passwords do not match, the user is 
then notified of the problem and the network connection 
is terminated by the network control center in the as- 
sumption that either the password or the user terminal's 
coupling to the network has been tampered with. 

Brief Description of the Drawings 

Fig. 1 is a block diagram of a telecommunications 
network embodying the present invention in which 
a plurality of subscriber stations are coupled to each 
of a network service bureau, a plurality of service 
provider stations and a plurality of data feeds and 
databases. 

Fig. 2 is a block diagram a computer network em- 
bodying the present invention in which a plurality of 
user terminals are coupled to a network server, a 
network database and a network output device; and 
Fig. 3 is a flow chart illustrating the password au- 
thentication process implemented in a telecommu- 
nications network and performed in accordance 
with the present invention. 

Detailed Description 

The present invention provides a password authen- 
tication security system for a network 100, 200 having 
a plurality of user terminals 110, 202 communicably cou- 
pled to the network 100, 200. As shown respectively in 
Figs. 1 & 2, the system may be implemented in either 
of a telecommunications network 100 or a computer net- 
work 200 each having a network control center 1 08, 206 
coupled to the network 100, 200 for monitoring and/or 
managing access and communications to the network 
100, 200 by the user terminals 110, 202. The user ter- 
minals 101, 202 are coupled to the network 100, 200 via 
a uniquely identifiable network coupling 112, 212 such 
as an assigned data communications channel, the ad- 
dress of a network node or remote terminal link, or a 
dedicated telephone line into a telephone network. 

Referring to the computer network 200 shown in 
Fig. 2, the network control center comprises a server 
206 and associated databases 208 coupled to a plurality 
of user terminals 202 and network output devices 204 
via a computer network 200 such as a LAN or WAN. 
Access to the computer network 200 is typically moni- 
tored and performed by an access control unit of the net- 
work server (not shown). When connection to the net- 
work 200 is requested by a user, the access control unit 
recognizes the network address of the user terminal 202 



or location, which may include its local network server 
address, its remote link address to a sub-net and the 
user's assigned network directory. The control unit de- 
termines the availability of a connection slot to the server 
5 206 and determines whether the user has authorization 
to access the network devices 204 and/or databases 
208. 

Referring to Fig. 1, a telecommunications network 
100, such as a wired network, a wireless network, a sat- 
10 ellite network, a fiber optic cable network, a coaxial ca- 
ble network or the like, is shown having a network con- 
trol center 108 forming a network service bureau. The 
service bureau 108 is coupled to the plurality of user 
terminals 110 forming home or business subscriber sta- 

*s tions, to service provider stations 102 and to external 
data feeds 1 04 and databases 1 06 via the network 1 00. 
In this embodiment, the service bureau 108 acts as an 
intermediate transmission station for the provision of on- 
line services from service providers 102 and data from 

20 external data feeds 1 04 and external databases 1 06 to 
terminal devices in home and business subscriber sta- 
tions 110. To accomplish this, the service bureau 108 
includes microprocessor logic 1 1 4 such as a transaction 
manager, internal databases 112 and a script generator 

25 us for managing network connections, network pass- 
word authentications, data communications and script 
messaging to the subscriber stations 110. 

The service bureau 1 08 also enables the download- 
ing of software to the terminals of the subscriber stations 

30 110 for the purpose of upgrading terminal software to 
implement new hardware features and/or services and 
for providing new terminal-resident software applica- 
tions. In the embodiment of the subscriber device dis- 
cussed below, specific, terminal-resident software may 

35 be licensed and downloaded to the terminal from the 
service bureau 108 so as to control and manage the op- 
eration of other devices that may be coupled to the ter- 
minal either directly or via a home network. 

One advantage of the invention in such an applica- 

40 tion is that a user who has a subscriber terminal but is 
not registered for a particular service is prevented from 
fraudulently downloading software via another, regis- 
tered user's network connection (i.e. telephone line) by 
hooking up his terminal to the registered user's network 

45 connection. Fraudulent copying of the software once 
downloaded is further inhibited by providing subscriber 
terminals which, due to the fact that they need not be 
computer systems, do not have alternate input/output 
devices (i.e. floppy drives) by which the software can be 

so copied. 

The subscriber stations 110 may comprise practi- 
cally any terminal device adapted to connect to a tele- 
communications network 1 00 via conventional methods 
having a microprocessor 124 for processing data and 
55 managing network transactions, a transceiver for trans- 
mitting and receiving data (not shown), memory 126 for 
data storage (volatile and/or non -volatile), a user input 
device 130 (i.e. keyboard, mouse, remote control, etc.) 
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If the transaction manager's request to the terminal 
110 to retrieve a password stored in the predetermined 
location in memory 1 26 does return a password, this 
then signifies that the terminal 110 has already been 
registered in a previous transaction. In this case, the 
transaction manager 114 compares the newly encrypted 
password with the retrieved password for authentication 
purposes. If the two passwords are not identical, then 
an error message is sent to the terminal 11 0 to indicate 
to the subscriber that the authentication has failed due 
to tampering with the password stored in the terminal's 
memory 1 26, a hardware failure, or a mismatch between 
the particular terminal 110 and the dedicated telephone 
line 112. Again, the subscriber is instructed to make a 
voice call to the service bureau 108 to resolve the prob- 
lem and the modem connection is terminated. If, how- 
ever, the two passwords are determined to be identical, 
then the authentication handshake has completed suc- 
cessfully, and the service bureau 108 proceeds with the 
transaction by downloading requested software to the 
terminal 1 1 0 or by coupling the terminal 1 1 0 to a service 
provider 102. 

It is noted that although it is preferable to perform a 
password comparison for an identical match in order to 
determine whether to allow access to the network 100, 
200, it would also be advantageous to perform a pass- 
word comparison wherein access is allowed either when 
the passwords are only similar or when only portions of 
the passwords actually match. This would be advanta- 
geous when, for example, it is desirable to allow access 
to each user within a given group of network users. Ac- 
cordingly, for a computer network 200, this would enable 
all users on a given sub-network to gain access to the 
network 200 by virtue of the fact that each user's net- 
work address specifies that sub-network. For a tele- 
phone network 100, this would similarly enable all sub- 
scribers within a given geographical area (serviced by 
a particular switching office) to gain access to the net- 
work 1 00 by virtue of the fact that the telephone number 
for each subscriber includes the same geographical 
trunk number. 

Additionally, it is foreseen that this automatic, user- 
transparent password authentication system can be 
made even more reliable by implementing a process in 
the network control center 108, 206 for automatically 
changing the passwords stored within the memory 126 
of the user terminals 110, 202 and updating the corre- 
sponding list of passwords stored in the control center's 
interna! database 1 1 2, 208. This would be accomplished 
after an initial password authentication for a selected us- 
er terminal 110, 202 by encrypting the network coupling 
identifier using a different encryption key produced by 
the network control center 108, 206. The network control 
center 108, 206 then automatically replaces the original 
password in each of its own internal database 112, 208 
and the predetermined (or an alternate) memory loca- 
tion 1 26 of the user terminal 110, 202 without the user's 
knowledge. Additionally, when the identifier is encrypt- 
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ed, an expiration date may be added to the password to 
apprise service providers of whether the user is current- 
ly registered with the network and/or a particular service. 
While the embodiments described herein disclose 
5 the primary principles of the present invention, it should 
be understood that these embodiments are merely illus- 
trative since various additions and modifications, which 
do not depart from the spirit and scope of the invention, 
are possible. For example, in the scenario of subscriber 
transactions with a network sen/ice bureau for the pro- 
vision of services and information from the network to 
the subscriber, the invention may be used to uniquely 
identify the subscriber with his subscriber account main- 
tained at the service bureau via the telephone number 
assigned to the subscriber's telephone by the network. 
Although the subscriber may relocate to a different res- 
idence or subscriber station, re-assignment of the sub- 
scriber's old telephone number to the new subscriber 
station will enable the service bureau to maintain the as- 
sociation of the subscriber with the previous account de- 
spite relocation. Accordingly, the forgoing Detailed De- 
scription is to be understood as being in all cases de- 
scriptive and exemplary but not restrictive, and the 
scope of the invention is to be determined not from the 
Detailed Description, but rather from the claims as in- 
terpreted according to the full breadth permitted by the 
patent laws. 



Claims 

1. A method for determining whether access to a tel- 
ecommunications network from a selected one of a 
plurality of user terminals communicably coupled to 
the network is authorized, the network comprising 
one of a wired network, a wireless network, a sat- 
ellite network, a fiber optic cable network and a co- 
axial cable network, the method 
CHARACTERIZED BY 

the steps of: 

detecting a network coupling identifier of the 
selected user terminal upon receipt of an in- 
coming call to the network from the selected us- 
er terminal, the identifier containing information 
regarding the communications channel of the 
network utilized by the incoming call from the 
selected user terminal; 
receiving from the user terminal a password; 
comparing the identifier and the password; 
allowing access to the network for the selected 
user terminal if at least a portion of the identifier 
matches at least a portion of the password; and 
denying access to the network for the selected 
user terminal if no portion of the identifier 
matches no portion of the password. 

2. The method of claim 1, wherein the network com- 
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